Issue with Flask Blueprints and login redirects

Question

I have a sample Flask app which mostly works. The base URL (/) doesn't require authentication; however, I have a resource at /auth/secured, which requires authentication.

The app works very well as long as a user is logged in; however, it throws a werkzeug.routing.BuildError (BuildError: Could not build url for endpoint 'login' with values ['next']. Did you mean 'auth.login' instead?) when someone tries to access /auth/secured as an unauthenticated user, because I have it coded like this:

@auth.route('/secured')
@ldap.login_required
def secured():
    return 'Login Success! {0}'.format(session)

I'm using Flask Blueprints for my URL routing... I assumed this should work...

def create_app(config_name):
    from .main import main as main_blueprint
    from .auth import auth as auth_blueprint

    # Configure the flask instance...
    app = Flask(__name__)
    app.config.from_object(config[config_name])
    config[config_name].init_app(app)

    # Initialize the application...
    bootstrap.init_app(app)
    db.init_app(app)
    ldap.init_app(app)

    # Blueprint registration
    app.register_blueprint(main_blueprint)
    app.register_blueprint(auth_blueprint, url_prefix='/auth')

    return app

The app directory is built as follows:

testapp/
 |
 + config.py
 + manage.py
 + app/
   |
   + __init__.py
   + auth/
     |
     + __init__.py
     + views.py
   + main/
     |
     + __init__.py
     + views.py

As best I can tell, something is messed up in my blueprint registration; however, I'm at a loss for where the error is.

How do I make an unauthenticated user redirect correctly to the /auth/login URL when they surf to /auth/secured as an unauthenticated user?

Answer 1

Looks like there are a couple of problems.

The first is a missing config parameter, LDAP_LOGIN_VIEW. The default is login but since you don't have a view named 'login', you probably want to set this to be auth.login in your config file:

LDAP_LOGIN_VIEW = 'auth.login'

The next issue is that your auth.login doesn't handle a next parameter. The next parameter tells the login function where to redirect after a successful login. This might cause a problem since flask-simpleldap is passing a next parameter here.

return redirect(url_for(current_app.config['LDAP_LOGIN_VIEW'], 
       next=request.path))

You can access the next parameter through the request object.

Example:

from flask import request
@app.route('/login', methods=['POST', 'GET'])
def login():
    error = None
    if request.method == 'POST':
        if valid_login(request.form['username'],
                       request.form['password']):
            return log_the_user_in(request.form['username'])
        else:
            error = 'Invalid username/password'
    # the code below is executed if the request method
    # was GET or the credentials were invalid
    return render_template('login.html', error=error)